[gptalk] Re: Custom ADM Issues

  • From: "Jonathan Finkbiner" <JFinkbiner@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 7 Feb 2008 09:58:31 -0500

The last policy has to be a REG_DWORD value but it has to be in decimal
format. When you create the key, you type the value (for example 60) and
when you bubble in "decimal" on the registry entry it changes the value
from 60 to 0000003c. Is there a special way to provision for this? Or am
I just safe doing another spin control?

 

Jonathan Finkbiner

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Darren Mar-Elia
Sent: Wednesday, February 06, 2008 4:37 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM Issues

 

That one's easy. The TXTCONVERT keyword converts those settings to
REG_SZ.

 

And, on the last policy, you're using an EDITTEXT Part, which
automatically makes it REG_SZ.

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jonathan Finkbiner
Sent: Wednesday, February 06, 2008 1:29 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM Issues

 

I went through a couple different iterations trying to troubleshoot. You
are absolutely correct if you are saying I can consolidate this down
into one single policy. 

 

For some reason these are being written to the registry as REG_SZ and
not REG_DWORD values. Any ideas?

 

Jonathan Finkbiner

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Delaney, Doug
Sent: Wednesday, February 06, 2008 4:23 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Custom ADM Issues

 

I also think you only need the first CATEGORY "NAC Options" and the last
two END CATEGORYs

 

Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Cell: 248-210-4973
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.

 

         

        
________________________________


        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R
        Sent: Wednesday, February 06, 2008 3:03 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: Custom ADM Issues

        You don't need the HKEY_LOCAL_MACHINE in the KEYNAME.

         

        Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 

         

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jonathan Finkbiner
        Sent: Wednesday, February 06, 2008 1:55 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Custom ADM Issues

         

        Hey All,

        I thought I sent this on Monday, but apparently with this
"email" thing you have to hit a send button to get it to work.

         

        I was looking for a little feedback on a custom adm template
I've been working on. I am sure the problem is staring me right in the
face but I am completely missing it.

         

        I want to generate and manage 3 keys on all computers across the
domain. The three keys are the following:

         

         

        
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global]
        "AuthMode"=dword:00000002
        "SupplicantMode"=dword:00000003

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
        "GpNetworkStartTimeoutPolicyValue"=dword:0000003c (This should be a decimal value)

         

        I've created adm templates before, but it has been a while and
so far all I can do is get the event log to spit angry messages at me.
Here is a sample of the code I am using (I've left off the strings
comments to keep this as brief as possible):

         

        CLASS MACHINE
        CATEGORY "System"
              CATEGORY "NAC Options"
                    POLICY !!AMode
                          EXPLAIN !!AMode_Exp
                          KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                          PART "Authentication Mode" NUMERIC
                                VALUENAME "AuthMode"
                                MIN   0
                                MAX   2
                                TXTCONVERT
                                DEFAULT 2
                                SPIN 1
                          END PART
                    END POLICY
              END CATEGORY

              CATEGORY "NAC Options"
                    POLICY !!SMode
                          EXPLAIN !!SMode_Exp
                          KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
                          PART "Supplicant Mode" NUMERIC
                                VALUENAME "SupplicantMode"
                                MIN   1
                                MAX   3
                                TXTCONVERT
                                DEFAULT 3
                                SPIN 1
                          END PART
                    END POLICY
              END CATEGORY

              CATEGORY "NAC Options"
                    POLICY !!Timeout
                          EXPLAIN !!Timeout_Exp
                          KEYNAME "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
                          PART "Timeout for NAC Negotiation"
                                EDITTEXT REQUIRED
                                VALUENAME "GpNetworkStartTimeoutPolicyValue"
                                DEFAULT "0000003c"
                          END PART
                    END POLICY
              END CATEGORY
        END CATEGORY

         

        There are 2 seemingly non specific errors that I am getting that
may help. These are both from the event log:

         

        "Windows cannot create registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (The parameter is incorrect. )."

        "Windows cannot access the registry policy file, \\domain.com\SysVol\domain.com\Policies\{BA8CA221-6DC1-4631-B838-4135A66DE872}\Machine\registry.pol. (The parameter is incorrect. )."

         

        As always, thanks in advance.

         

         

        Jonathan Finkbiner <mailto:jfinkbiner@xxxxxxx> 

        Information Services

        Support Analyst

        Lifestyle Family Fitness <http://www.lff.com/> 

         

         

        
________________________________


        This e-mail may contain identifiable health information that is
subject to protection under state and federal law. This information is
intended to be for the use of the individual named above. If you are not
the intended recipient, be aware that any disclosure, copying,
distribution or use of the contents of this information is prohibited
and may be punishable by law. If you have received this electronic
transmission in error, please notify us immediately by electronic mail
(reply).
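
Added example, not code from any poster in this thread: the template from the original message with the three corrections raised in the replies applied (one "NAC Options" category, no HKEY_LOCAL_MACHINE in KEYNAME, no TXTCONVERT or EDITTEXT), so all three values are written as REG_DWORD. The [strings] texts and the MIN/MAX bounds on the timeout are assumptions made for illustration.

```adm
; Added example, not the poster's template; string texts and Timeout MIN/MAX are assumptions.
CLASS MACHINE
CATEGORY "System"
  CATEGORY "NAC Options"
    POLICY !!AMode
      EXPLAIN !!AMode_Exp
      KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
      ; NUMERIC is written as REG_DWORD unless TXTCONVERT is present; SPIN defaults to 1
      PART "Authentication Mode" NUMERIC
        VALUENAME "AuthMode"
        MIN 0
        MAX 2
        DEFAULT 2
      END PART
    END POLICY

    POLICY !!SMode
      EXPLAIN !!SMode_Exp
      KEYNAME "SOFTWARE\Microsoft\EAPOL\Parameters\General\Global"
      PART "Supplicant Mode" NUMERIC
        VALUENAME "SupplicantMode"
        MIN 1
        MAX 3
        DEFAULT 3
      END PART
    END POLICY

    POLICY !!Timeout
      EXPLAIN !!Timeout_Exp
      ; CLASS MACHINE already selects HKEY_LOCAL_MACHINE; KEYNAME is relative to it
      KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
      ; Entered in decimal: 60 is stored as dword:0000003c, the same number shown in hex
      PART "Timeout for NAC Negotiation" NUMERIC
        REQUIRED
        VALUENAME "GpNetworkStartTimeoutPolicyValue"
        MIN 0
        MAX 600
        DEFAULT 60
      END PART
    END POLICY
  END CATEGORY
END CATEGORY
[strings]
AMode="802.1X authentication mode (AuthMode)"
AMode_Exp="Sets the AuthMode value under EAPOL\Parameters\General\Global."
SMode="802.1X supplicant mode (SupplicantMode)"
SMode_Exp="Sets the SupplicantMode value under EAPOL\Parameters\General\Global."
Timeout="Group Policy network start timeout"
Timeout_Exp="Sets GpNetworkStartTimeoutPolicyValue, in seconds, under Winlogon."
```

None of these keys sits under a Policies subtree, so the settings behave as preferences: they stay in the registry after the GPO is unlinked, and the Group Policy editor hides them while the "Only show policy settings that can be fully managed" filter is on.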

        